About me
My name is Feng Hao. I used to be called "Hao Feng" before I came to the UK; now people call me "Feng Hao". I'm confused too sometimes. Anyway, "Feng" is my first name.
I graduated from the Computer Laboratory, University of Cambridge in 2007 with a PhD in computer security, under the supervision of Prof. Ross Anderson and Dr. John Daugman. Here is my PhD thesis submitted in April 2007 - "On using fuzzy data in security mechanisms" (also available here). Currently, I'm working at Thales e-security, Cambridge, UK.
Publications
This page is mainly a placeholder for my research papers. I'm fond of security research that is new, useful and diverse. I love mathematics but I dislike seeing it overused to make papers look hyper-fancy.
- F. Hao, "On small subgroup non-confinement attacks", 2009, draft [paper].
- It explains sometimes an attacker may exploit the non-confinement of small subgroups to attack some password-authenticated key exhcnage schemes.
- F. Hao, P. Ryan, P. Zielinski, "Anonymous Voting by 2-Round Public Discussion", 2009, accepted by IET Information Security [paper][Slides].
- It presents a decentralized e-voting scheme. This technique is a generalization of the AV-net scheme.
- F. Hao, P. Zielinski, "The power of anonymous veto in public
discussion," Sprigner Transactions on Computational Sciences Journal, pp. 41-52, 2009 [Paper].
- It's a journal version of the anonymous veto paper.
- F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", Proceedings of the 16th Workshop on Security Protocols, Cambridge, April 2008. [Paper][Slides][Java code][Blog]
- It proposes a crypto protocol called Password
Authenticated Key Exchange by Juggling (J-PAKE). Compared with EKE (patented by Lucent
Technologies) and SPEKE (patented by Phoenix Technologies), J-PAKE has
clear advantages in security with comparable efficiency. It is submitted
as a follow-on to the future extension of IEEE Standard P1363.2.
- F. Hao, J. Daugman, P. Zielinski, "A fast search algorithm for a
large fuzzy database," IEEE Transactions on Information
Forensics and Security, June 2008. [Preprint]
- It proposes a fast search algorithm for iris recognition, which achieves a substantial speed-up over exhaustive search with a negligible loss of precision.
- F. Hao, "Kish's key exchange scheme is insecure," IEE
Information Security, Vol. 153, No. 4, pp. 141--142, December 2006. [Paper]
- It points out that a "totally secure" communication system, featured
in Science, is seriously flawed.
- It points out that a "totally secure" communication system, featured
in Science, is seriously flawed.
- F. Hao, P. Zielinski, "A 2-round anonymous veto protocol (Transcript of Discussion)," 14th
International Workshop on Security Protocols, LNCS 5087, pp. 212-214, 2009 [Springer]
- It is a discussion of transcript of the paper below.
- F. Hao, P. Zielinski, "A 2-round anonymous veto protocol," 14th
International Workshop on Security Protocols, Cambridge (2006)[Paper] [Slides][Springer]
- It proposes an efficient solution to the Dining Cryptographers problem (Chaum, 1988), achieving the best efficiency among all available solutions.
- F. Hao, R. Anderson, J. Daugman, "Combining crypto with biometrics
effectively," IEEE Transactions on Computers, Vol. 55, No. 9,
pp. 1081--1088, Sept., 2006. [Paper]
[report]
- It proposes the first practical and secure way to integrate the iris biometric into cryptographic applications.
- F. Hao, "Combining crypto with biometrics: a new human-security
interface," 13th International Workshop on Security Protocols,
LNCS 4631, pp. 133-138, 2005. [Paper]
- It presents a transcript of discussion on combining crypto with biometrics.
- F. Hao, C.W. Chan, "Online signature verification using a new extreme points warping technique," Pattern Recognition Letters, Vol 24, Issue 16, 2943-2951 (2003) [Paper]
- It modifies the classic Dynamic Programming algorithm to better suit the requirements of handwritten signature verification.
- F. Hao, C.W. Chan, "Private Key Generation from On-line Handwritten Signatures," Information Management & Computer Security, Vol 10, Issue 4, 159-164 (2002) [Paper]
- It proposes to apply quantization to derive stable bits from handwritten signatures.